Watch This! Unlimited Leads at a Click of a Button.. Find out More

Why I Moved My WordPress Blog From HTTP to HTTPS

It’s been a while that we’ve heard of the potential “SEO benefits” of moving your entire site to HTTPS, but that’s not why I decided to do it.

It’s kind of funny how this happened, this wasn’t planned, I was just working on a few things one day and wanted to put up a coaching page with stripe checkout. That way when I officially launch the coaching sessions, people can easily buy while remaining on the site, and of course an SSL certificate is required.

Normally, I don’t post much about blogging, and especially nothing wordpress related because I’m a WP newb. Most of the sites I’ve done for clients were Magento, Joomla, Drupal, etc.

My hope is that if you guys and girls want to move to HTTPS, that this guide will make it a stupid simple transition for you.

For me? I had issues… so I hope to help you avoid those issues.

Why I Finally Decided to Move From HTTP to HTTPS

There were a few reasons I wanted to move from HTTP to HTTPS. At first, I was thinking, I would just have a couple pages for https. It made sense, have it for a coaching page, make sales pages for my Ultimate Agency Blueprint and Ice Cold Email Gold so people wouldn’t need to leave the site in order to buy.

But then I decided, the work is probably about the same, so why not make the entire blog https?

I carefully weighed my options, and after about 15 minutes of thinking, I decided to go for it and give it a try.

These were the reasons I decided to stress myself out for 48 hours:

  1. SEO Benefit – honestly this was only a small role in my decision. The truth is, I’m not sure HTTPS really performs better, and that it isn’t just some sort of Google propaganda to make people switch. Regardless of the outcome, I figured it would make an interesting case study to show you guys. So far, it’s too early to tell, as I only did the move a few days ago and about 60% of my pages have been indexed.
  2. I wanted to see referral traffic! I know, it sounds silly. However, I started trying a few different traffic sources last month, one was Quora, and one was Instagram. It wasn’t until later on in the month that I discovered I can’t see all my referral traffic. It reports as direct. This is because if an https site links to an http site, the referrer doesn’t get passed unless they have a meta tag calling to pass the referrer. If you have an https site, you can see the referring traffic.
  3. Focus on User Experience When People Buy. Right now, if someone wants to buy my Agency Blueprint, they click on a link or right side bar ad, go to the warrior forum, click to buy and then go to gumroad, which allows them to buy. That’s awful user experience, and while I do enjoy the Warrior Forum traffic, and reviews posted there, I think I’m losing out on conversions. People that are interested in buying, are probably interested because they know and trust this blog, so I should probably keep people here as long as possible.

I think eventually the effort will pay off, for now, I’m just glad to be done with it.

I’ll make another post in the future, comparing a few keywords to see if there is any correlation between https and higher rankings. I suspect that there will be very little, if any at all, but we’ll find out.

How To Move From HTTP to HTTPS With No Hassle

I’m going to share the exact process I went through, and make notes of things I wish I knew ahead of time. If you have any questions, feel free to ask in the comment section at the end of the post.

Some of this may seem intimidating but I promise, the process can be complete within an hour or two, even for a complete newb. I’m very beginner level with wordpress, and whenever I had a server issue in my business, I had a guy that handled it. Me? I’m not good at this stuff, but I was able to get through it.

If you follow these steps, you won’t have a problem.

Step 1 – Get Your SSL Certificate

I went to SSLS.COM to get my certificate. Your hosting company or domain registration company probably offers them as well but I went here because I remember them being the cheapest, as far as I know at least.

There are different types of certificates you can get. Domain validation which is what I did for IncomeBully. It doesn’t work for sub domains, or other domains, just this one but I figured that’s all I needed.

If you need to cover subdomains, you will want to get a wildcard certificate.

For those of you that are really ambitious and want additional branding, you can get an extended validation certificate that shows the https in green, as well as the green area to the side with your site name. I should have got that, but I decided to be cheap. After all, for $4.99/year, I think I can live without the EV certificate ($140+).

Note: LetsEncrypt offers free SSLs but it seems more complicated, I used ssls.com. 

Step 2 – Generate a CSR… and stuff

A CSR is a Certificate Signing Request, and as far as my understanding goes… actually, I was going to tell you what I thought, but it doesn’t matter. You just need it in order to get setup!

Note 1: You need to ask your hosting company to put you on a dedicated IP

Note 2: If you have private WHOIS you need to make it public, only while waiting for the SSL to be issued. Once you have an RSA key you can turn it back to private.

Getting it is easy, if you’re with:

HostGator: They’ve surprised me, usually their support is awful but for the SSLs it only took maybe 3 or 4 hours via ticket system. https://www.hostgator.com/generatecsr (here to request the install https://secure.hostgator.com/installssl.php )

BlueHost: This will outline the steps you need to follow.

NameHero – I love NameHero, it’s the host I’ve been recommending for a few months now, if you’re not with them, their reseller plan is cheaper than other big hosts, it’s cloud hosting, super reliable, and support is top notch. They’ll move your site(s) for you. Anyway, if you’re with them, the process is easy, you just generate the CSR from your cPanel, they have SNI enabled so you don’t need a dedicated IP but can always request it.

Their dedicated IPs are $15/year, which beats hostgator at $24/year. Install is free, HG and others cost an average of $10.

Step 3 – Activate the SSL

Once you have your CSR and RSA key, you just login to SSLS or wherever you got your certificate from and use the code that was generated. Just copy and paste it, pretty simple, and activate.

Now, SSLS will send you an email, it’s a zip file and contains all your .crt files, which are for your hosting company. You will need to upload these to your FTP, and let your hosting company know that they’re there.. once they have that, they will activate your domain for https.

Once your server is configured, which by the way, requires very little effort on your part, your hosting company does it all…. you need to configure wordpress.

Step 4 – Configuring WordPress to Work with SSL

This is where I had trouble. I’m going to outline the steps I took, so pay close attention, this is the part that matters most.

Note: Temporarily disable your cache in WP

Note 2: Go to WP settings –> General and make sure you put in your https version. 

I used Really Simple SSL plugin for WordPress – This plugin had a lot of reviews, 4.9 out of 5 stars. I’ve seen it recommended on other blogs when they talk about getting https enabled. I thought, wow, these people must really love this plugin, so sure, I’m going to give it a shot.

The truth is, it made the move from http to https very simple. (You can get the plugin here, it’s free)

I’ll explain the problems later on, but I told you I would outline this, step by step and this is what I did.

Once you run the plugin, activate SSL through it. It’s easy, you click the button that says “activate SSL”.

Next, I realized Really Simple SSL doesn’t change everything I needed changed. You don’t get the pretty green https and lock if you have what is referred to as “mixed content”. Mixed content, is when you have http data transferred on the same https page. For example, I had(and have) some aweber forms that give me mixed content. You can either pay $25 to upgrade the plugin to the pro version, or be cheap.

I decided to be cheap. 

I didn’t want to upgrade to the pro version, because I knew there was a free way to do it pretty easily. Actually, I believe doing it this way, would eliminate the need for Really Simple SSL, but I’m not 100% on that.

I went to InterConnectIT who provides a really cool search and replace script for wordpress. You create a folder for it in your FTP, they actually have good instructions on it already, then you upload the files.

Go to wherever you install it… lets say you create a folder called search-my-stuff in your FTP so the browser link would be domain.com/search-my-stuff

Once you’re there, search http://domain.com or http://www.domain.com and replace it with https:

I recommend running as a “Dry Run” first, so you can see what gets changed then do a live run.

Once you do this, you should be good to go. If you’re using Chrome and you don’t have a green lock with a green https: that means you have mixed content. Click on the lock or tab to the left of the https in the address bar, click more details and you should be able to see what your errors are. Go back and run whatever you need to in the search and replace script.

That’s all you need to do… the entire process should take you 2 hours at most. For me, it took a couple days because I didn’t know what I was doing, and the main problem I had is something that didn’t affect the functionality of the site.

Now here’s the part I talk bad about Really Simple SSL.

I have no complaints about the plugin getting your site ready for SSL. No complaints.

However, after the site is setup for SSL, is when I had my problem.

No referral traffic was getting reported, except for links directly to the home page.

I spent a long time trying to figure out what was going on, why my analytics was showing direct traffic when it should be referral traffic. I eventually stopped trying to figure it out and contact the guy that made the plugin.

So I submitted a ticket… I said, all my referral traffic is gone, is it possible that it could be because of the plugin? I know http sites do not report referral traffic if it comes from an https but I should still get referral traffic with an https. What do I do?

The first suggestion he gave me, was to change all the backlinks to this blog. I read his response, and thought, “really dude?”… I couldn’t believe that was the “fix” to my problem, just change ALL the backlinks to the blog.

I responded again, asking if he can confirm that it is because of the plugin.

He wrote back; “The referral is probably recorded as a direct hit, as it is recorded as coming from http, because of the redirect.”

No kidding, my problem in the first ticket was that the referral is being recorded as a direct hit… if it comes from http to https it should STILL report the referral. Now if it were https to http it would not record it as referral.

So there was only one solution… uninstall the plugin.

It was great for getting things setup, but bad for afterwards if you care about analytics.

What I discovered is that they used a javascript redirect that didn’t pass referral data. So I had to go into my .htaccess and add the following code:

The bold is what is new… the other stuff was already there.

<IfModule mod_rewrite.c>
RewriteBase /
RewriteEngine On
RewriteCond %{SERVER_PORT} 80
RewriteRule ^(.*)$ https://incomebully.com/$1 [R,L]
RewriteEngine On
RewriteRule ^index\.php$ – [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>

Obviously, you will want to replace incomebully.com with your own domain.

Do that, and your problem is solved. Or, you can just use the search and replace script I linked to and not have to deal with any of that.

The code listed above will do a 301 redirect, so all links you had will go to the https version.

Step 5 – Setup New Google Webmaster Tools Site

You can’t edit your old one,  you just need to setup a new property.

If you’re using Yoast, they make the entire process pretty easy, you just need to copy your GWT key into the area it has for you and you’ll be able to verify.

You will also want to make sure that your sitemap is submitted.

Google treats this as an entirely different site, so your regular http is going to drop off, and not report https unless you set it up.

Step 6 – Make Sure Analytics Reports HTTPS

This is pretty easy.

Just login to Google Analytics, and click on the admin button. Next, click Property Settings and change your default domain to https.

While you’re there, you may want to connect webmaster tools to analytics.

I don’t know if you need to do this, but I did it, I went into view settings as well, and added the https version.

Note: If you setup conversion goals in analytics, you need to change those to https or you won’t report any new conversions. 

That it!

Final Thoughts

If you move from http to https it would be a lot easier if it were a brand new site, but if you follow these steps, you’ll be able to transition to https pretty easily.

I had to figure a lot out on my own, like the plugin issue I had, but you won’t need to deal with that.

Let me know if you have any problems, questions or comments. Stay tuned for the case study to see if this has any measurable effect on my rankings.

P.S. This could be a nice upsell if you work on client websites.

8 Comments

Add a Comment